Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for online_course_registration_system by phpgurukul

    CVE-2026-0803 (GCVE-0-2026-0803)

    Vulnerability from nvd – Published: 2026-01-09 15:32 – Updated: 2026-02-23 08:25 X_Freeware
    VLAI
    Title
    PHPGurukul Online Course Registration System enroll.php sql injection
    Summary
    A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.340255 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.340255 signaturepermissions-required
    https://vuldb.com/?submit.733344 third-party-advisory
    https://note-hxlab.wetolink.com/share/qX132pk8Wofk exploit
    https://phpgurukul.com/ product
    Impacted products
    Vendor Product Version
    PHPGurukul Online Course Registration System Affected: 3.0
    Affected: 3.1
        cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    angelkate (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0803",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T16:24:14.834025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T16:24:22.841Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0"
                },
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "angelkate (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:25:26.551Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-340255 | PHPGurukul Online Course Registration System enroll.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.340255"
            },
            {
              "name": "VDB-340255 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.340255"
            },
            {
              "name": "Submit #733344 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.733344"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://note-hxlab.wetolink.com/share/qX132pk8Wofk"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://phpgurukul.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-09T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-22T18:32:14.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System enroll.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-0803",
        "datePublished": "2026-01-09T15:32:09.036Z",
        "dateReserved": "2026-01-09T09:41:52.701Z",
        "dateUpdated": "2026-02-23T08:25:26.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0733 (GCVE-0-2026-0733)

    Vulnerability from nvd – Published: 2026-01-08 23:32 – Updated: 2026-02-23 08:25 X_Freeware
    VLAI
    Title
    PHPGurukul Online Course Registration System manage-students.php sql injection
    Summary
    A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    PHPGurukul Online Course Registration System Affected: 3.0
    Affected: 3.1
        cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    angelkate (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0733",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T16:21:52.970602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T16:22:02.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0"
                },
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "angelkate (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:25:04.752Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-340130 | PHPGurukul Online Course Registration System manage-students.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.340130"
            },
            {
              "name": "VDB-340130 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.340130"
            },
            {
              "name": "Submit #733328 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection Vulnerability",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.733328"
            },
            {
              "name": "Submit #733331 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.733331"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://note-hxlab.wetolink.com/share/cU33RBoPPAF0"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://note-hxlab.wetolink.com/share/Tma34bofeB2L"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://phpgurukul.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-22T18:32:14.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System manage-students.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-0733",
        "datePublished": "2026-01-08T23:32:13.020Z",
        "dateReserved": "2026-01-08T15:32:32.701Z",
        "dateUpdated": "2026-02-23T08:25:04.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5066 (GCVE-0-2024-5066)

    Vulnerability from nvd – Published: 2024-05-17 20:00 – Updated: 2024-08-08 14:37
    VLAI
    Title
    PHPGurukul Online Course Registration System pincode-verification.php sql injection
    Summary
    A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264925 was assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.264925 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.264925 signaturepermissions-required
    https://vuldb.com/?submit.336240 third-party-advisory
    https://github.com/BurakSevben/CVEs/blob/main/Onl… exploit
    Impacted products
    Vendor Product Version
    PHPGurukul Online Course Registration System Affected: 3.1
    Create a notification for this product.
    phpgurukul online_course_registration_system Affected: 3.1
        cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Burak (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.629Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-264925 | PHPGurukul Online Course Registration System pincode-verification.php sql injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.264925"
              },
              {
                "name": "VDB-264925 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.264925"
              },
              {
                "name": "Submit #336240 | PHPGurukul Online Course Registration System 3.1 SQL Injection",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.336240"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%204.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "online_course_registration_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5066",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-20T15:50:06.580336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T14:37:56.667Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Burak (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264925 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In PHPGurukul Online Course Registration System 3.1 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /pincode-verification.php. Dank Manipulation des Arguments pincode mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-17T20:00:06.464Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-264925 | PHPGurukul Online Course Registration System pincode-verification.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.264925"
            },
            {
              "name": "VDB-264925 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.264925"
            },
            {
              "name": "Submit #336240 | PHPGurukul Online Course Registration System 3.1 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.336240"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%204.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-05-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-05-17T15:31:33.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System pincode-verification.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-5066",
        "datePublished": "2024-05-17T20:00:06.464Z",
        "dateReserved": "2024-05-17T13:26:15.710Z",
        "dateUpdated": "2024-08-08T14:37:56.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5065 (GCVE-0-2024-5065)

    Vulnerability from nvd – Published: 2024-05-17 20:00 – Updated: 2024-08-01 21:03
    VLAI
    Title
    PHPGurukul Online Course Registration System sql injection
    Summary
    A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264924.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.264924 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.264924 signaturepermissions-required
    https://vuldb.com/?submit.336239 third-party-advisory
    https://github.com/BurakSevben/CVEs/blob/main/Onl… exploit
    Impacted products
    Credits
    Burak (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5065",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-20T13:52:08.271948Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:18.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-264924 | PHPGurukul Online Course Registration System sql injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.264924"
              },
              {
                "name": "VDB-264924 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.264924"
              },
              {
                "name": "Submit #336239 | PHPGurukul Online Course Registration System 3.1 SQL Injection  (Unauthenticated)",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.336239"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%203%20(Unauthenticated).md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Burak (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264924."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in PHPGurukul Online Course Registration System 3.1 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /onlinecourse/. Dank der Manipulation des Arguments regno mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-17T20:00:04.992Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-264924 | PHPGurukul Online Course Registration System sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.264924"
            },
            {
              "name": "VDB-264924 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.264924"
            },
            {
              "name": "Submit #336239 | PHPGurukul Online Course Registration System 3.1 SQL Injection  (Unauthenticated)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.336239"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%203%20(Unauthenticated).md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-05-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-05-17T15:31:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-5065",
        "datePublished": "2024-05-17T20:00:04.992Z",
        "dateReserved": "2024-05-17T13:26:12.584Z",
        "dateUpdated": "2024-08-01T21:03:10.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5064 (GCVE-0-2024-5064)

    Vulnerability from nvd – Published: 2024-05-17 18:31 – Updated: 2024-08-01 21:03
    VLAI
    Title
    PHPGurukul Online Course Registration System news-details.php sql injection
    Summary
    A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264923.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.264923 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.264923 signaturepermissions-required
    https://vuldb.com/?submit.336238 third-party-advisory
    https://github.com/BurakSevben/CVEs/blob/main/Onl… exploit
    Impacted products
    Vendor Product Version
    PHPGurukul Online Course Registration System Affected: 3.1
    Create a notification for this product.
    phpgurukul online_course_registration_system Affected: 3.1
        cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Burak (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "online_course_registration_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5064",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T18:49:08.230287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:06.755Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-264923 | PHPGurukul Online Course Registration System news-details.php sql injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.264923"
              },
              {
                "name": "VDB-264923 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.264923"
              },
              {
                "name": "Submit #336238 | PHPGurukul Online Course Registration System 3.1 SQL Injection  (Unauthenticated)",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.336238"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%202%20(Unauthenticated).md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Burak (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264923."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in PHPGurukul Online Course Registration System 3.1 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei news-details.php. Durch Beeinflussen des Arguments nid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-17T18:31:06.286Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-264923 | PHPGurukul Online Course Registration System news-details.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.264923"
            },
            {
              "name": "VDB-264923 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.264923"
            },
            {
              "name": "Submit #336238 | PHPGurukul Online Course Registration System 3.1 SQL Injection  (Unauthenticated)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.336238"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%202%20(Unauthenticated).md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-05-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-05-17T15:31:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System news-details.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-5064",
        "datePublished": "2024-05-17T18:31:06.286Z",
        "dateReserved": "2024-05-17T13:26:07.359Z",
        "dateUpdated": "2024-08-01T21:03:10.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5063 (GCVE-0-2024-5063)

    Vulnerability from nvd – Published: 2024-05-17 18:31 – Updated: 2024-08-01 21:03
    VLAI
    Title
    PHPGurukul Online Course Registration System index.php sql injection
    Summary
    A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264922 is the identifier assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.264922 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.264922 signaturepermissions-required
    https://vuldb.com/?submit.336236 third-party-advisory
    https://github.com/BurakSevben/CVEs/blob/main/Onl… exploit
    Impacted products
    Vendor Product Version
    PHPGurukul Online Course Registration System Affected: 3.1
    Create a notification for this product.
    phpgurukul online_course_registration_system Affected: 3.1
        cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Burak (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "online_course_registration_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5063",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T14:55:12.151974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:01:51.039Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-264922 | PHPGurukul Online Course Registration System index.php sql injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.264922"
              },
              {
                "name": "VDB-264922 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.264922"
              },
              {
                "name": "Submit #336236 | PHPGurukul Online Course Registration System 3.1 Authentication Bypass via SQL Injection",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.336236"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20Authentication%20Bypass.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Burak (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264922 is the identifier assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In PHPGurukul Online Course Registration System 3.1 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/index.php. Durch das Beeinflussen des Arguments username/password mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-17T18:31:04.690Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-264922 | PHPGurukul Online Course Registration System index.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.264922"
            },
            {
              "name": "VDB-264922 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.264922"
            },
            {
              "name": "Submit #336236 | PHPGurukul Online Course Registration System 3.1 Authentication Bypass via SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.336236"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20Authentication%20Bypass.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-05-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-05-17T15:31:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System index.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-5063",
        "datePublished": "2024-05-17T18:31:04.690Z",
        "dateReserved": "2024-05-17T13:26:04.350Z",
        "dateUpdated": "2024-08-01T21:03:10.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-0803 (GCVE-0-2026-0803)

    Vulnerability from cvelistv5 – Published: 2026-01-09 15:32 – Updated: 2026-02-23 08:25 X_Freeware
    VLAI
    Title
    PHPGurukul Online Course Registration System enroll.php sql injection
    Summary
    A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.340255 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.340255 signaturepermissions-required
    https://vuldb.com/?submit.733344 third-party-advisory
    https://note-hxlab.wetolink.com/share/qX132pk8Wofk exploit
    https://phpgurukul.com/ product
    Impacted products
    Vendor Product Version
    PHPGurukul Online Course Registration System Affected: 3.0
    Affected: 3.1
        cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    angelkate (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0803",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T16:24:14.834025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T16:24:22.841Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0"
                },
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "angelkate (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:25:26.551Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-340255 | PHPGurukul Online Course Registration System enroll.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.340255"
            },
            {
              "name": "VDB-340255 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.340255"
            },
            {
              "name": "Submit #733344 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.733344"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://note-hxlab.wetolink.com/share/qX132pk8Wofk"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://phpgurukul.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-09T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-22T18:32:14.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System enroll.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-0803",
        "datePublished": "2026-01-09T15:32:09.036Z",
        "dateReserved": "2026-01-09T09:41:52.701Z",
        "dateUpdated": "2026-02-23T08:25:26.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0733 (GCVE-0-2026-0733)

    Vulnerability from cvelistv5 – Published: 2026-01-08 23:32 – Updated: 2026-02-23 08:25 X_Freeware
    VLAI
    Title
    PHPGurukul Online Course Registration System manage-students.php sql injection
    Summary
    A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    PHPGurukul Online Course Registration System Affected: 3.0
    Affected: 3.1
        cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    angelkate (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0733",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T16:21:52.970602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T16:22:02.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0"
                },
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "angelkate (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:25:04.752Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-340130 | PHPGurukul Online Course Registration System manage-students.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.340130"
            },
            {
              "name": "VDB-340130 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.340130"
            },
            {
              "name": "Submit #733328 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection Vulnerability",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.733328"
            },
            {
              "name": "Submit #733331 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.733331"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://note-hxlab.wetolink.com/share/cU33RBoPPAF0"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://note-hxlab.wetolink.com/share/Tma34bofeB2L"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://phpgurukul.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-22T18:32:14.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System manage-students.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-0733",
        "datePublished": "2026-01-08T23:32:13.020Z",
        "dateReserved": "2026-01-08T15:32:32.701Z",
        "dateUpdated": "2026-02-23T08:25:04.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5066 (GCVE-0-2024-5066)

    Vulnerability from cvelistv5 – Published: 2024-05-17 20:00 – Updated: 2024-08-08 14:37
    VLAI
    Title
    PHPGurukul Online Course Registration System pincode-verification.php sql injection
    Summary
    A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264925 was assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.264925 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.264925 signaturepermissions-required
    https://vuldb.com/?submit.336240 third-party-advisory
    https://github.com/BurakSevben/CVEs/blob/main/Onl… exploit
    Impacted products
    Vendor Product Version
    PHPGurukul Online Course Registration System Affected: 3.1
    Create a notification for this product.
    phpgurukul online_course_registration_system Affected: 3.1
        cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Burak (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.629Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-264925 | PHPGurukul Online Course Registration System pincode-verification.php sql injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.264925"
              },
              {
                "name": "VDB-264925 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.264925"
              },
              {
                "name": "Submit #336240 | PHPGurukul Online Course Registration System 3.1 SQL Injection",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.336240"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%204.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "online_course_registration_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5066",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-20T15:50:06.580336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T14:37:56.667Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Burak (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264925 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In PHPGurukul Online Course Registration System 3.1 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /pincode-verification.php. Dank Manipulation des Arguments pincode mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-17T20:00:06.464Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-264925 | PHPGurukul Online Course Registration System pincode-verification.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.264925"
            },
            {
              "name": "VDB-264925 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.264925"
            },
            {
              "name": "Submit #336240 | PHPGurukul Online Course Registration System 3.1 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.336240"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%204.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-05-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-05-17T15:31:33.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System pincode-verification.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-5066",
        "datePublished": "2024-05-17T20:00:06.464Z",
        "dateReserved": "2024-05-17T13:26:15.710Z",
        "dateUpdated": "2024-08-08T14:37:56.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5065 (GCVE-0-2024-5065)

    Vulnerability from cvelistv5 – Published: 2024-05-17 20:00 – Updated: 2024-08-01 21:03
    VLAI
    Title
    PHPGurukul Online Course Registration System sql injection
    Summary
    A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264924.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.264924 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.264924 signaturepermissions-required
    https://vuldb.com/?submit.336239 third-party-advisory
    https://github.com/BurakSevben/CVEs/blob/main/Onl… exploit
    Impacted products
    Credits
    Burak (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5065",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-20T13:52:08.271948Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:18.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-264924 | PHPGurukul Online Course Registration System sql injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.264924"
              },
              {
                "name": "VDB-264924 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.264924"
              },
              {
                "name": "Submit #336239 | PHPGurukul Online Course Registration System 3.1 SQL Injection  (Unauthenticated)",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.336239"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%203%20(Unauthenticated).md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Burak (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264924."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in PHPGurukul Online Course Registration System 3.1 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /onlinecourse/. Dank der Manipulation des Arguments regno mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-17T20:00:04.992Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-264924 | PHPGurukul Online Course Registration System sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.264924"
            },
            {
              "name": "VDB-264924 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.264924"
            },
            {
              "name": "Submit #336239 | PHPGurukul Online Course Registration System 3.1 SQL Injection  (Unauthenticated)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.336239"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%203%20(Unauthenticated).md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-05-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-05-17T15:31:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-5065",
        "datePublished": "2024-05-17T20:00:04.992Z",
        "dateReserved": "2024-05-17T13:26:12.584Z",
        "dateUpdated": "2024-08-01T21:03:10.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5064 (GCVE-0-2024-5064)

    Vulnerability from cvelistv5 – Published: 2024-05-17 18:31 – Updated: 2024-08-01 21:03
    VLAI
    Title
    PHPGurukul Online Course Registration System news-details.php sql injection
    Summary
    A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264923.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.264923 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.264923 signaturepermissions-required
    https://vuldb.com/?submit.336238 third-party-advisory
    https://github.com/BurakSevben/CVEs/blob/main/Onl… exploit
    Impacted products
    Vendor Product Version
    PHPGurukul Online Course Registration System Affected: 3.1
    Create a notification for this product.
    phpgurukul online_course_registration_system Affected: 3.1
        cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Burak (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "online_course_registration_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5064",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T18:49:08.230287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:06.755Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-264923 | PHPGurukul Online Course Registration System news-details.php sql injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.264923"
              },
              {
                "name": "VDB-264923 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.264923"
              },
              {
                "name": "Submit #336238 | PHPGurukul Online Course Registration System 3.1 SQL Injection  (Unauthenticated)",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.336238"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%202%20(Unauthenticated).md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Burak (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264923."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in PHPGurukul Online Course Registration System 3.1 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei news-details.php. Durch Beeinflussen des Arguments nid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-17T18:31:06.286Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-264923 | PHPGurukul Online Course Registration System news-details.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.264923"
            },
            {
              "name": "VDB-264923 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.264923"
            },
            {
              "name": "Submit #336238 | PHPGurukul Online Course Registration System 3.1 SQL Injection  (Unauthenticated)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.336238"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20SQL%20Injection%20-%202%20(Unauthenticated).md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-05-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-05-17T15:31:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System news-details.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-5064",
        "datePublished": "2024-05-17T18:31:06.286Z",
        "dateReserved": "2024-05-17T13:26:07.359Z",
        "dateUpdated": "2024-08-01T21:03:10.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5063 (GCVE-0-2024-5063)

    Vulnerability from cvelistv5 – Published: 2024-05-17 18:31 – Updated: 2024-08-01 21:03
    VLAI
    Title
    PHPGurukul Online Course Registration System index.php sql injection
    Summary
    A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264922 is the identifier assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.264922 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.264922 signaturepermissions-required
    https://vuldb.com/?submit.336236 third-party-advisory
    https://github.com/BurakSevben/CVEs/blob/main/Onl… exploit
    Impacted products
    Vendor Product Version
    PHPGurukul Online Course Registration System Affected: 3.1
    Create a notification for this product.
    phpgurukul online_course_registration_system Affected: 3.1
        cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Burak (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:online_course_registration_system:3.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "online_course_registration_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5063",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T14:55:12.151974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:01:51.039Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-264922 | PHPGurukul Online Course Registration System index.php sql injection",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.264922"
              },
              {
                "name": "VDB-264922 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.264922"
              },
              {
                "name": "Submit #336236 | PHPGurukul Online Course Registration System 3.1 Authentication Bypass via SQL Injection",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.336236"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20Authentication%20Bypass.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Online Course Registration System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Burak (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264922 is the identifier assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In PHPGurukul Online Course Registration System 3.1 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/index.php. Durch das Beeinflussen des Arguments username/password mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-17T18:31:04.690Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-264922 | PHPGurukul Online Course Registration System index.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.264922"
            },
            {
              "name": "VDB-264922 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.264922"
            },
            {
              "name": "Submit #336236 | PHPGurukul Online Course Registration System 3.1 Authentication Bypass via SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.336236"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BurakSevben/CVEs/blob/main/Online%20Course%20Registration%20System/Online%20Course%20Registration%20System%20-%20Authentication%20Bypass.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-05-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-05-17T15:31:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Online Course Registration System index.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-5063",
        "datePublished": "2024-05-17T18:31:04.690Z",
        "dateReserved": "2024-05-17T13:26:04.350Z",
        "dateUpdated": "2024-08-01T21:03:10.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }